U.S. officials expect Iran to reach out directly to individual Americans in the coming weeks to try to influence how they vote, cause societal division or incite violence, according to three sources with knowledge of U.S. intelligence on the matter.

While it is unclear exactly what such an operation would entail, or even if it has already begun, the governments of the US, Sweden and Israel have all accused Iran of sending threatening and intimidating email and text messages to their citizens in recent years. The US intelligence community noted this month that Iranian hackers appear to have gained access to the voting records of some Americans, as they did in 2020.

“You don’t have to read the tea leaves to know this is a possible tactic. They have a clear history of usage,” said John Hultquist, principal analyst at Google’s Threat Intelligence Group.

Last week, US intelligence officials he told reporters that both Iran and Russia were continuing propaganda operations to influence American voters and society. Russia would prefer former President Donald Trump to win, while Iran would prefer him to lose, but both countries aim to fuel distrust of democracy and could try to incite violence in the US before or after the election, officials said.

Two ongoing cyber influence operations this election cycle that the US government and cybersecurity companies have attributed to Iran — a hack-and-leak operation to steals and distributes campaign materials from Trump’s campaign and series of fake American news sites — failed to gain traction. A spokesman for Iran’s U.N. mission did not respond to a request for comment, but officials in Tehran have routinely denied U.S. accusations of election influence campaigns.

“There are two different goals that Iranian actors may have in the direct relationship,” Max Lesser, a senior analyst at the nonprofit Foundation for Defense of Democracies, told NBC News. “One is just to send the message directly to the intended audience. Obviously, this is much more direct and effective than creating a fake website or creating a social media botnet, many of which we’ve seen don’t have much engagement.”

“Secondly, they could also try to incite people to engage in physical information operations, whether it’s vandalism, graffiti, things like that,” he said.

A partial redaction information memory dated October 8, which the US declassified last week, details two ways that Iranian military intelligence could have obtained additional personal details about US voters.

“In August 2023, (voiced) actors in the Islamic Revolutionary Guard Corps (IRGC) were aware of unspecified information about US voters in unnamed states available for download on a leak site that, if acquired, could be used to target voters with misinformation,” the memo said.

“In February, IRGC (redacted) cyber actors accessed a network domain associated with the elections division of a US state government and may have obtained voter registration data and whether or not some of the registered individuals voted, (redacted) ” he says.

In the run-up to the 2020 election, US officials announced that Iran was behind an ambitious effort to sow electoral discord. According to the Department of Justice indictment A year later, employees of an Iranian technology firm linked to the Iranian government obtained some information about American voters and sent threatening emails to registered Democrats in Florida, claiming to belong to the pro-Trump militia group Proud Boys. Google said at the time that the hackers sent around 25,000 such emails through Gmail, but about 90% of them were caught in spam filters.

Last month, Israel accused Iran and Hezbollah of hacking a commercial messaging service to send 5 million intimidating text messages to Israeli citizens. One of the texts read: “Leave yourself from loved ones; but don’t worry. You’ll be hugging them in hell in a few hours,” the Israeli newspaper Haaretz reported.

In 2023, activists in Sweden burned copies of the Koran, prompting strong condemnation from several Muslim-majority countries. A group of hacktivists calling themselves Anzu Team appeared on Telegram, vowing revenge, defacing some websites and offering rewards for information on the whereabouts of people allegedly involved in the fires.

“No government or private organization will be safe if you do not extradite desecrators of the Holy Quran to Islamic society. The attacks will continue,” the group posted on its Telegram channel, which is still visible, although it has not posted since last August.

Shortly afterwards, around 15,000 Swedes received mysterious text messages demanding violent revenge. last month, The Swedish authorities announced they had concluded that Anzu Team was a front for the IRGC, which had sent the messages by tapping into a Swedish SMS service. Iran has denied the accusation.

This article was originally published on NBCNews.com